A brief introduction to information security, Part I
Tyler Moore
Computer Science & Engineering Department, SMU, Dallas, TX
August 23, 2012
Some definitions · Computer systems and networks
Outline
1 Some definitions
  What is security?
  What is digital information?
  What is information security?
2 Computer systems and networks
  Computer architecture
  Network architecture
2 / 41
Safety vs. Security

Safety
- Protects against accidents
- Defends against nature
- Can be modeled using probability theory with historical data

Security
- Protects against intentional malice
- Defends against intelligent beings
- Must model the strategy of adversaries
Question: If you were in charge of a building's security, how would preparations differ for a tornado versus a terrorist attack?
Hint: When preparing for a tornado, should you consider whether neighboring buildings have been protected?
What is digital information?
Definition
Digital information: information encoded in discrete numbers
“Hi!” → 0x486921
What are the implications of digital representation of information?
1 Costless to create perfect copies
2 Information can be transmitted anywhere immediately
3 Information can be remembered indefinitely
  ⇒ Easy to keep a detailed record of transactions
4 Digitally encoded information lacks provenance
  ⇒ Modifications can't be identified by just looking at the data
What is information security?
Information security is the endeavor to achieve protection goals specific to information. What are those goals?
1 Confidentiality: information is accessible only to authorized parties
2 Integrity: modification of information can be detected
3 Availability: authorized parties can access information (and use resources) when and where it is needed
Confidentiality
[Diagram: the Broker sends the order 〈BUY,200,GOOG,$600.25〉 to the Exchange; Eve, listening on the path, reads it in transit.]
Confidentiality caveats
Confidentiality does not cover prior knowledge
Breaches of confidentiality cannot be undone
Breaches of confidentiality can be difficult to detect
Question: what characteristics of digital information make protecting confidentiality difficult?
Integrity
[Diagram: the Broker sends 〈BUY,200,GOOG,$600.25〉 to the Exchange; Mallory intercepts the order and changes the price to $550.25 before it arrives.]
Integrity caveats
Protecting integrity does not imply correcting modifications
Integrity only ensures that alteration of the information can be detected
Integrity makes no claim of absolute correctness: a message that verifies as unaltered may still contain wrong data, if the wrong data is what the sender actually sent
Question: what characteristics of digital information make protecting integrity difficult?
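Integrity as "detectable modification" is easy to show in code. The following is an added example, not taken from the slides: the broker attaches a message authentication code (HMAC-SHA256) to the order and the exchange recomputes it on receipt. Mallory's price change from $600.25 to $550.25 fails the check; a wrong price that the broker itself tagged still passes, which is exactly the "no claim of absolute correctness" caveat. The shared key, the bracketed message encoding and the helper names are assumptions of the example.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Symmetric key shared by broker and exchange, agreed out of band.
# Constructed for this example: a fresh random key per run.
KEY = secrets.token_bytes(32)


def encode_order(side: str, qty: int, symbol: str, price: str) -> bytes:
    """Serialise an order in the notation used on the slides, e.g. <BUY,200,GOOG,$600.25>."""
    return f"<{side},{qty},{symbol},{price}>".encode()


def tag(message: bytes, key: bytes = KEY) -> bytes:
    """Integrity tag: HMAC-SHA256 over the exact bytes that are sent."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(message: bytes, received_tag: bytes, key: bytes = KEY) -> bool:
    """Exchange-side check. compare_digest is constant-time, so the tag is not leaked via timing."""
    return hmac.compare_digest(tag(message, key), received_tag)


def broker_sends(side: str, qty: int, symbol: str, price: str) -> tuple[bytes, bytes]:
    """What the broker puts on the wire: the order plus its tag."""
    msg = encode_order(side, qty, symbol, price)
    return msg, tag(msg)


def mallory_rewrites_price(msg: bytes, new_price: str) -> bytes:
    """Mallory's in-transit edit from the Integrity slide: same order, different price."""
    side, qty, symbol, _old_price = msg.decode().strip("<>").split(",")
    return encode_order(side, int(qty), symbol, new_price)


def demo() -> tuple[bool, bool, bool]:
    msg, t = broker_sends("BUY", 200, "GOOG", "$600.25")
    honest_accepted = verify(msg, t)

    tampered = mallory_rewrites_price(msg, "$550.25")
    tamper_detected = not verify(tampered, t)   # tag no longer matches the bytes

    # Caveat: integrity is not correctness. A mistyped price the broker really
    # sent carries a valid tag and is accepted.
    wrong_msg, wrong_t = broker_sends("BUY", 200, "GOOG", "$6.25")
    wrong_but_authentic = verify(wrong_msg, wrong_t)

    return honest_accepted, tamper_detected, wrong_but_authentic


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Note what the tag does not do: it gives no confidentiality (Eve still reads the order in the clear) and, on its own, no protection against Mallory replaying a previously tagged order; those need encryption and a nonce or sequence number respectively.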
Availability
[Diagram: the Broker sends 〈BUY,200,GOOG,$600.25〉 to the Exchange; Mallory interferes with delivery so that the order does not get through when it is needed.]
Availability caveats
Availability is widely seen to be "harder" to guarantee than confidentiality or integrity
Why? guarantees must often be made for more than the information itself
Guarantees of the functionality of other parties may be required
Who are these authorized parties the definitions speak of?
Who is an authorized party?
How are they authorized? By whom?
Parties: human beings controlling a computer system, or programs acting on their behalf
Authorization: the decision a principal must take on whether a party is allowed to undertake a task
The authorization decision is the fundamental challenge of security engineering
Identification vs. Authentication vs. Authorization
Identification, authentication and authorization answer different questions
Identification: Who are you?
Authentication: Is it really you?
Authorization: Knowing who you are, are you allowed to do something?
Common mistake: conflating these concepts
Deploying an authentication system does not solve the authorization problem
How computers identify people
In order to authorize a user to access computer resources, systems must figure out who they're interacting with
Computer systems store (ID, attribute) pairs
Upon encountering a user, the system prompts for the ID and attribute.
IDs should be unique
If the attribute is only known to the user (e.g., a password), it can be used to authenticate the user to the system. In practice the system should store a verifier derived from the attribute (e.g., a salted password hash) rather than the attribute itself, so that a stolen user database does not hand the attacker the passwords directly
Case study: authentication and authorization at ATMs
[Diagram: messages exchanged between the ATM and the Bank]
Authentication steps
1. Insert card
2. Request matching PIN
3. Enter PIN
Authorization steps
4. How much to withdraw?
5. Request $100
6. Balance ≥ $100?
7. Approve withdrawal
8. Dispense $100
Authentication failure: ATM fails to authenticate user
[Diagram: the same ATM/Bank exchange (steps 1-8 above), but Mallory holds the card and guesses the PIN at step 3; if a guess is accepted, the authorization steps proceed as if Mallory were the account holder.]
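To make the identification / authentication / authorization distinction and the ATM flow concrete, here is an added example (not from the slides) modelling the bank's side of the exchange. The card number is the ID presented at step 1, the PIN is the authentication attribute (stored as a salted PBKDF2 verifier, not in the clear, following the (ID, attribute) slide), and the balance check at step 6 is the authorization decision. The lockout after three wrong PINs is an assumed policy, added to show the control that defeats Mallory's guessing; the card number, PIN and balance are constructed test data, and all names are the example's own.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed policy (not on the slides): lock the card after this many wrong PINs.
MAX_PIN_TRIES = 3
PBKDF2_ROUNDS = 50_000


@dataclass
class Account:
    card_no: str          # identification: the ID presented at step 1
    salt: bytes
    pin_verifier: bytes   # authentication attribute, stored as a verifier, not the PIN
    balance: int
    failed_tries: int = 0
    locked: bool = False


def derive_verifier(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


class Bank:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    def enrol(self, card_no: str, pin: str, balance: int) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[card_no] = Account(card_no, salt, derive_verifier(pin, salt), balance)

    def authenticate(self, card_no: str, pin: str) -> bool:
        """Steps 1-3: is the person holding this card really its holder?"""
        acct = self.accounts.get(card_no)
        if acct is None or acct.locked:
            return False
        if hmac.compare_digest(derive_verifier(pin, acct.salt), acct.pin_verifier):
            acct.failed_tries = 0
            return True
        acct.failed_tries += 1
        if acct.failed_tries >= MAX_PIN_TRIES:
            acct.locked = True    # Mallory's guessing stops here
        return False

    def authorize_withdrawal(self, card_no: str, amount: int) -> bool:
        """Steps 4-7: knowing who this is, may they take this amount?"""
        acct = self.accounts[card_no]
        if amount <= 0 or acct.balance < amount:
            return False
        acct.balance -= amount
        return True


def atm_session(bank: Bank, card_no: str, pin: str, amount: int) -> str:
    """One ATM transaction; authorization is only asked once authentication has succeeded."""
    if not bank.authenticate(card_no, pin):
        return "authentication failed"
    if not bank.authorize_withdrawal(card_no, amount):
        return "authorization failed"
    return f"dispense ${amount}"   # step 8


def demo() -> list[str]:
    bank = Bank()
    card, pin = "4000-0000-0000-0001", "1234"   # constructed test data
    bank.enrol(card, pin, balance=150)
    results = [
        atm_session(bank, card, pin, 100),   # authenticated and authorized
        atm_session(bank, card, pin, 100),   # authenticated, but only $50 left
    ]
    # Mallory has the card but not the PIN and tries a few guesses.
    for guess in ("0000", "1111", "2222"):
        results.append(atm_session(bank, card, guess, 10))
    # After the lockout even the genuine holder is refused until the bank resets the card.
    results.append(atm_session(bank, card, pin, 10))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The retry counter, not the hashing, is the control that matters against PIN guessing: a four-digit PIN has only 10,000 possibilities, so a salted hash of it is trivial to brute-force offline if the database leaks, and only an online limit on attempts keeps Mallory's odds at 3 in 10,000. The second session also shows why an authentication system alone does not settle authorization: the genuine holder is correctly authenticated and still refused.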
Card skimmers: ATM incorrectly authenticates user
Source: http://krebsonsecurity.com/all-about-skimmers/
Authentication failure: User fails to authenticate ATM
[Diagram: Mallory places a fake ATM between the user and the real ATM/Bank; the user runs through steps 1-3 with Mallory's device and so hands card data and PIN to Mallory instead of the bank. Nothing in the exchange lets the user check that the machine is genuine.]
Fake ATMs: User fails to authenticate ATM
Source: http://www.wired.com/threatlevel/2009/08/malicious-atm-catches-hackers/
Question: how does authentication fail on phishing websites?
Four fundamental ideas of computer architecture
1 Code is data
2 Layers of abstraction
3 Moore’s law
4 Halting problem
The von Neumann computer architecture
The pervasive von Neumann computer architecture does not distinguish between instructions for computer programs and data
Consequently, Code is Data
⇒ Enables great flexibility in reprogramming computers
⇒ Programs can be costlessly reproduced, not just data
There are unfortunate security implications
[Photo: John von Neumann]
The dark side of “Code is Data”
Source: http://www.cl.cam.ac.uk/~rja14/Papers/SE-04.pdf
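The slide points to Anderson's chapter for the classic case, a buffer overflow that turns attacker-supplied data into executed instructions. As an added example that is not from the slides or from Anderson's text, here is the same idea one level up the stack: a Python "calculator" that hands user text to eval() treats data as code, next to a version that parses the text into a syntax tree and evaluates only arithmetic nodes. The calculator functions and the payload string are constructed for this example.

```python
from __future__ import annotations

import ast
import operator


# Vulnerable: text typed by the user goes straight to the interpreter.
# Whether it is "2+2" or "__import__('os').system('...')", it runs as code.
def calc_unsafe(expr: str):
    return eval(expr)


# Hardened: parse the text into a syntax tree, then walk only the node
# types an arithmetic calculator needs. Anything else is rejected as data
# that was trying to be code, before any of it executes.
_BINARY = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def calc_safe(expr: str) -> float:
    tree = ast.parse(expr, mode="eval")

    def walk(node: ast.AST) -> float:
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if (isinstance(node, ast.Constant)
                and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BINARY:
            return _BINARY[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY:
            return _UNARY[type(node.op)](walk(node.operand))
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)


def demo() -> tuple[float, bool, bool]:
    """Run the same 'data' through both calculators."""
    payload = "__import__('os').getpid()"   # constructed payload: harmless, but it is code
    unsafe_executed = isinstance(calc_unsafe(payload), int)   # eval ran the call
    try:
        calc_safe(payload)
        safe_executed = True
    except ValueError:
        safe_executed = False   # the Call node is rejected, nothing runs
    return calc_safe("2 + 3 * (4 - 1)"), unsafe_executed, safe_executed


if __name__ == "__main__":
    print(demo())  # (11, True, False)
```

The point is the same one the von Neumann slide makes: the string is identical in both cases, and only the interpreter decides whether it is data or instructions. The hardened version works by allow-listing the grammar it needs rather than by trying to blacklist dangerous substrings, which is the approach that generalises to the native case as well (bounds checks and non-executable data pages rather than pattern-matching shellcode).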
Layers of abstraction
Abstraction: specifying meaning and behavior of software while hiding implementation details
Modular code exploits abstraction and enables composition and reuse
Abstraction and code modularity enable rapid software development (which has in turn led to a rapid rise in software complexity)
Unlike in mechanical engineering, in software engineering there is no practical limit to the potential combinations of code
Abstraction solves everything?
“All problems in computer sciencecan be solved by another level ofindirection.”
David Wheeler
Layered computer architecture
Layer             Example
Hardware          Intel x86
Operating system  Microsoft Windows
Libraries         Gecko, NSPR, OJI, . . .
Application       Mozilla Firefox
Active content
Layers – good or bad?
+ Abstraction enables greater compatibility, since a higher layer only interacts with the layer directly beneath it
+ Layered approach means that developers can ignore problems already solved at other layers
- Higher layers cannot identify or prevent malfunctions at lower layers
- Vulnerabilities propagate up the stack
- Flaws in a single layer can affect all software developed on top
  ⇒ Think back to when Windows was riddled with holes
Question: at what layer can a strategic attacker wreak the most havoc at least cost?
Abstraction solves everything?
"All problems in computer science can be solved by another level of indirection", except security problems.
Moore's law
Intel co-founder Gordon Moore observed in 1965 that the number of components on an integrated circuit had been doubling roughly every year since the late 1950s
He predicted the trend would continue (and in 1975 revised the doubling period to about two years)
Moore's Law, as popularly stated: computer performance roughly doubles every 18 months. Strictly, the law is about transistor density, not performance; the 18-month performance figure is a later gloss on Moore's observation
[Figure from Moore's original paper speculating on the implications of exponential growth in computing power]
The halting problem
In 1936, Alan Turing proved that it is impossible to write a general-purpose program that can determine, for every program and input, whether that program will eventually stop
Bear this in mind the next time someone complains that software developers should be able to find and remove all vulnerabilities in their code: deciding non-trivial properties of arbitrary programs is, in general, undecidable
The Internet circa 1971
Source: http://personalpages.manchester.ac.uk/staff/m.dodge/cybergeography/atlas/arpanet3.gif
Network architecture
It has long been recognized that there could be value in connecting computers together
Researchers developed protocols that specified how computers could communicate with each other
Networking protocols also leverage abstraction layers
Networking protocol stack
Layer        Examples
Physical     802.11n
Data Link    Ethernet
Network      IP
Transport    TCP, UDP
Application  HTTP, SMTP, BGP
Networking protocols
IP protocol
  Each computer has a 32-bit address (IPv4, e.g., 129.119.70.166) that is meant to be unique on the Internet; IPv6 widens this to 128 bits
  Any computer should be reachable using its IP address
Transport layer
  TCP: establishes a connection between devices before sending traffic
  UDP: connectionless – data is simply transmitted
Application layer
  Many available applications, each operating on a different port
  HTTP (port 80): protocol for web sites (e.g., at the time of these slides, connecting to 129.119.70.166:80 delivered the SMU home page)
  SMTP (port 25): protocol for sending email
  SSH (port 22): secure remote login to computers
  BGP (TCP port 179): protocol for exchanging routes between Internet providers
  Many applications have been developed (e.g., see a list of common port numbers at http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers)
Global routing via BGP
Source: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/networks-and-services-resilience/inter-x/interx/report/interx-report/at_download/fullReport
Important design decisions for networking protocols
Internet protocols incorporated a number of design decisions that impact security
1 IP makes computers globally addressable
2 Packets are delivered on a best-effort basis, making it hard to distinguish malice from bad luck
3 No built-in authentication in the protocols, which enables spoofing
4 Design is inherently decentralized, which makes coordination difficult (e.g., to upgrade to a more secure protocol)
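Points 1 and 3 (global addressability, no built-in authentication) can be seen directly in the IPv4 header. The following added example, not from the slides, builds a header with Python's struct module and then parses it back the way a receiver would. The only check the receiver has is the header checksum, which any sender can compute, so a header carrying a forged source address verifies exactly like an honest one. The addresses are the SMU address from the slides plus constructed ones (192.0.2.0/24 is reserved for documentation); nothing is sent on the network.

```python
from __future__ import annotations

import socket
import struct

IPV4_HEADER = "!BBHHHBBH4s4s"   # 20-byte header without options


def ip_to_int(dotted: str) -> int:
    """The 32-bit number behind a dotted quad such as 129.119.70.166."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def ones_complement_checksum(data: bytes) -> int:
    """RFC 791 header checksum: 16-bit one's complement of the one's complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6,
                      ttl: int = 64, ident: int = 0) -> bytes:
    """Assemble a header. The source address is just a field the sender fills in."""
    ver_ihl = (4 << 4) | 5          # version 4, IHL 5 words = 20 bytes
    total_len = 20 + payload_len
    hdr = struct.pack(IPV4_HEADER, ver_ihl, 0, total_len, ident, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ones_complement_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(hdr: bytes) -> dict:
    """What a receiver can see and check: the fields and checksum validity, nothing about who really sent it."""
    ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack(IPV4_HEADER, hdr[:20])
    return {
        "version": ver_ihl >> 4,
        "ihl": ver_ihl & 0xF,
        "total_len": total_len,
        "ident": ident,
        "ttl": ttl,
        "proto": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        # Summing a header that already contains its checksum yields 0 if intact.
        "checksum_ok": ones_complement_checksum(hdr[:20]) == 0,
    }


def demo() -> tuple[dict, dict]:
    dst = "129.119.70.166"                                            # the SMU address from the slides
    honest = build_ipv4_header("192.0.2.10", dst, payload_len=20)     # constructed sender address
    spoofed = build_ipv4_header("129.119.70.1", dst, payload_len=20)  # claims to be an SMU neighbour
    return parse_ipv4_header(honest), parse_ipv4_header(spoofed)


if __name__ == "__main__":
    for label, fields in zip(("honest", "spoofed"), demo()):
        print(label, fields)
```

Actually putting a forged header on the wire needs a raw socket and the privileges that go with it, but nothing in IP itself stops it. The defences live elsewhere: providers dropping packets whose source address could not legitimately come from that link (ingress/egress filtering, BCP 38), TCP's handshake making blind spoofing of a connection harder, and end-to-end authentication at higher layers (SSH, TLS) doing the job the network layer never did.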
Recap
1 Some definitions
  What is security?
  What is digital information?
  What is information security?
2 Computer systems and networks
  Computer architecture
  Network architecture